Kubernetes RBAC Operations: Difference between revisions

From NovaOrdis Knowledge Base
 
(One intermediate revision by the same user not shown)
Line 23: Line 23:
==With CLI==
==With CLI==
<syntaxhighlight lang='bash'>
<syntaxhighlight lang='bash'>
kubectl -n <namespace-name> create role some-role --verb=use --resource=podsecuritypolicy --resource-name=example
kubectl -n <namespace-name> create role <role-name> --verb=use --resource=podsecuritypolicy --resource-name=example
</syntaxhighlight>
</syntaxhighlight>
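Review bot: on the changed `create role` line the role name became the placeholder `<role-name>`, but `--resource-name=example` is still a literal. Either make it a placeholder as well or state that `example` is the name of the PodSecurityPolicy the role is allowed to use, so the value is not copied verbatim into a real namespace.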


Line 30: Line 30:
==With CLI==
==With CLI==
<syntaxhighlight lang='bash'>
<syntaxhighlight lang='bash'>
kubectl create rolebinding <role-binding-name> --role=<role-name> --serviceaccount=<namespace-name:service-account-name>
kubectl -n <namespace-name> create rolebinding <role-binding-name> --role=<role-name> --serviceaccount=<namespace-name:service-account-name>
kubectl create rolebinding <role-binding-name> --role=<role-name> --user=<user-name>
kubectl -n <namespace-name> create rolebinding <role-binding-name> --role=<role-name> --user=<user-name>
</syntaxhighlight>
</syntaxhighlight>
It is some times convenient to use the same name for role and role binding.
It is some times convenient to use the same name for role and role binding.
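Review bot: the `--serviceaccount=<namespace-name:service-account-name>` value on the new rolebinding line wraps two fields in one pair of angle brackets; write it as `<namespace-name>:<service-account-name>`. Since the line now also carries `-n <namespace-name>`, reusing the same placeholder name suggests the binding's namespace and the service account's namespace must match, so consider distinct placeholder names. In the unchanged context line, "some times" should read "sometimes".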

Latest revision as of 02:03, 2 October 2020

Internal

List Cluster Roles

kubectl get clusterroles

Get Details about a Specific Cluster Role

kubectl -o yaml get clusterroles cluster-admin

List Cluster Role Bindings

kubectl get clusterrolebindings

Get Details about a Specific Cluster Role Binding

kubectl get clusterrolebindings cluster-admin -o yaml

Create a Role

With Metadata

With CLI

kubectl -n <namespace-name> create role <role-name> --verb=use --resource=podsecuritypolicy --resource-name=example

Create a Role Binding

With Metadata

With CLI

kubectl -n <namespace-name> create rolebinding <role-binding-name> --role=<role-name> --serviceaccount=<namespace-name:service-account-name>
kubectl -n <namespace-name> create rolebinding <role-binding-name> --role=<role-name> --user=<user-name>

It is sometimes convenient to use the same name for role and role binding.

Create a Cluster Role Binding

With Metadata

With CLI

kubectl create clusterrolebinding some-clusterrole-binding --clusterrole=some-clusterrole --serviceaccount=some-namespace:some-sa

Assigning a Cluster Role to a Service Account

Using Metadata

Apply the following manifest with kubectl apply -f:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: blue-default-service-account-cluster-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: default
    namespace: blue

With CLI

kubectl create rolebinding -n <namespace> <role-binding-name> --clusterrole=<clusterrole-name> --serviceaccount=<namespace>:<serviceaccount-name>
kubectl create rolebinding -n blue edit-blue-serviceaccount-binding --clusterrole=edit --serviceaccount=blue:blue-serviceaccount
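
The manifest and the CLI form in this section do not grant the same reach: the ClusterRoleBinding gives blue:default the cluster-admin role across the whole cluster, while `kubectl create rolebinding --clusterrole=...` limits the cluster role's permissions to the binding's namespace. The Python below is an added example, not part of the original page; it audits binding JSON for service accounts bound to cluster roles in an assumed review set (REVIEW_ROLES), using constructed sample input that mirrors this page's two bindings plus one hypothetical user binding.

```python
import json

# Constructed sample, shaped like the output of
# `kubectl get clusterrolebindings,rolebindings -A -o json`, trimmed to the fields used.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "ClusterRoleBinding",
  "metadata": {"name": "blue-default-service-account-cluster-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "blue"}]},
 {"kind": "RoleBinding",
  "metadata": {"name": "edit-blue-serviceaccount-binding", "namespace": "blue"},
  "roleRef": {"kind": "ClusterRole", "name": "edit"},
  "subjects": [{"kind": "ServiceAccount", "name": "blue-serviceaccount", "namespace": "blue"}]},
 {"kind": "RoleBinding",
  "metadata": {"name": "example-user-binding", "namespace": "blue"},
  "roleRef": {"kind": "Role", "name": "example-role"},
  "subjects": [{"kind": "User", "name": "example-user"}]}
]}
""")

# Assumption: the cluster roles this audit treats as worth a manual review.
REVIEW_ROLES = {"cluster-admin", "admin", "edit"}

def effective_scope(binding):
    """A ClusterRoleBinding applies cluster-wide; a RoleBinding applies only in
    its own namespace, even when its roleRef points at a ClusterRole."""
    if binding["kind"] == "ClusterRoleBinding":
        return "cluster-wide"
    return "namespace:" + binding["metadata"]["namespace"]

def audit(binding_list):
    """Return one finding per service account bound to a reviewed cluster role."""
    findings = []
    for b in binding_list.get("items", []):
        ref = b["roleRef"]
        if ref["kind"] != "ClusterRole" or ref["name"] not in REVIEW_ROLES:
            continue
        for s in b.get("subjects") or []:  # subjects may be absent or null
            if s["kind"] != "ServiceAccount":
                continue
            findings.append({
                "binding": b["metadata"]["name"],
                "subject": f'system:serviceaccount:{s["namespace"]}:{s["name"]}',
                "role": ref["name"],
                "scope": effective_scope(b),
                "default_sa": s["name"] == "default",  # used by pods with no explicit SA
            })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```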